The history of encryption

The deployment of the Enigma Machine by Nazi forces in World War II, and the cracking of its cryptographic systems by allied codebreakers heralded an immense increase in international interest in encrypted systems. Since then there has been an exponential rise in the use of the internet for the communication and storage of data, resulting in growing investment in strong encryption techniques from major technology firms.

Since the implementation of the EU’s General Data Protection Regulation (GDPR) in May, media reports of data breaches have skyrocketed. British Airways, Facebook, Ticketmaster, and Cathay Pacific are all organisations that have made headlines over the last months showing the breadth of sectors affected worldwide by data compromises.

Compliance-driven pieces have been a relatively common occurrence in the media since the application of GDPR. We however aim to look in this blog post at GDPR from a threat actors’ perspective. With GDPR bringing in major changes on the management and transfer of data, threat actors are likely to find innovative ways to exploit and benefit from these changes.

‘There are now three certainties in life – there’s death, there’s taxes and there’s a foreign intelligence service on your system’ – Head of Cyber at MI5 (2013)

Over the last two decades, the scale and severity of cyber attacks has been very variable. It is probably safe to suggest that the secret sabotage of a nuclear facility by the Stuxnet worm is in a slightly different league to the theft of payment card data held by a commercial brand like Chipotle. Nonetheless, there are several underlying attributes that provide a common framework to compare unconnected incidents. The Diamond Model of Intrusion Analysis indicates that for every incident, there is:

For much of the time, cybersecurity researchers can find themselves limited to informed speculation and assessment about the sort of activity that cybercriminals perform, prior to launching a large cyber-theft operation. We believe that they will be performing reconnaissance on employees at the bank, particularly those in privileged positions linked to the payment and IT platforms, but some of the more precise details are limited. However, every now and again, information will be leaked which can provide some unique insight into the activities of cybercriminal groups and what they look for in a victim.

On the 16th July, the Department of Justice indicted 12 Russian nationals for their role in the cyber operations against the Democratic Congressional Campaign Committee (DCCC) and the Democratic National Committee (DNC). It was the latest in a series of private sector and government publications that provide proof tying Russian hackers to the breaches of Democrat Party institutions and the theft of confidential information.

Some industries are more likely to attract particular kinds of threat actors than others. The retail and hospitality industries for instance are very attractive targets for cyber criminals as both collect and process large quantities of personal and financial data. This is similar to the banking industry but, whereas major bank breaches are now considered to require sophisticated operational procedures and have become the preserve of highly specialised groups, the retail and hospitality industries remain prime targets for criminals of all capabilities.

The Russian Federation is currently pursuing a radical transformation to internet connectivity within the country. RuNet 2020 is an ambitious project to establish a national government-controlled network which is intended to function in an insulated environment from the broader internet in the event of a crisis.

As of the time of writing, the three bitcoin wallets associated with the WannaCry ransomware have received a combined total of about 53.8 BTC – just shy of USD 500,000 at current conversion rates . This is despite the “kill switch” and other implementation flaws that impeded its early propagation. It also flies in the face of the numerous articles circulating in the security community that cast doubt on whether it is even possible for WannaCry victims to consistently get their files back.

The State of Israel has developed exceptional cyber capabilities that surpass all other nations within the MENA region. In January 2017, Prime Minister Benjamin Netanyahu declared that Israel had become one of the top five global cyber powers. Israel conducts covert cyber operations that are strictly classified and rarely formally acknowledged. So, beyond the infamous Stuxnet virus, what do publicly available sources reveal about state-sponsored hackers within Israel?

If you examine the history of cyber breaches, you will find that the most newsworthy are usually attributed to Russia, China, Iran, and more recently North Korea. This may, or may not be true, but to echo the words of Eugene Kaspersky: the reality is that everyone hacks everyone. Friends attack foes, but friends also attack friends… secretly of course.